Abstract

The current, widespread use of computer networks has led to increased
concerns about security. This paper deals with network security
in general, and concentrates on corporate networks in particular.
A method to develop security concepts for corporate networks is
introduced, and stepwise refined.

1. Introduction

It is assumed that the reader of this paper is familiar with the
fundamentals of computer networks, open systems, and OSI networks.
A computer network consists of interconnected computer systems
that can either be closed or open. Closed systems are proprietary,
usually being able to communicate only with systems of the same
manufacturer. In using standardized protocols to provide standardized
services, open systems are free to communicate with other open
systems, forming an OSI network (Open Systems Interconnection).
OSI standards are being developed by the Joint Technical Committee
1 (JTC1) of the International Standards Organization (ISO), and
the International Electrotechnical Commission (IEC).

Corporate networks use public services to interconnect geographically
distributed local area networks and private branch exchanges.
Public services are offered in wide area networks; examples are
leased lines, circuit switched lines, and services that are provided
in packet switched data networks.

A security concept is needed to make a corporate network comparably
secure. A method to develop security concepts for corporate networks
is introduced in this paper. It is organized as follows: Possible
attacks are outlined in section two. The method is shortly described
in section three, and stepwise refined in sections four and five.
Conclusions are drawn in section six.

2. Attacks

Attacks threaten the security (confidentiality, integrity, and
availability) of corporate networks, and data that are stored
or transmitted within. There are passive and active attacks to
be distinguished:

The confidentiality of data is threatened by passive attacks.
The data traffic between the sender and the receiver is observed
by the intruder. It has to be distinguished, whether the intruder
is able to interpret the data, or not. In a passive wiretapping
attack the intruder is able to interpret the data, and to understand
its information accordingly. In a traffic analysis attack the
intruder is not able to interpret the data. He can only learn
from the origins, destinations, frequencies and sizes of messages
or data units. The fact that two entities are communicating may
already be compromising in itself; this may be true for stock-brokers
and military commanders. The feasibility of passive attacks primarily
depends on the physical transmission media in use. Radio and
satellite links are very easy to intercept, whereas metallic conductors,
like twisted pairs or coaxial cables, can only be tapped if they
are physically accessible by the intruder. The tapping of light
wave conductors is even more difficult.

The integrity or availability of data in transmission is threatened
by active attacks. The data traffic between the sender and
the receiver is fully controlled by the intruder. He can modify,
extend, delay, destroy, copy, or reply messages or single data
units. He can also flood the receiver. Provided with the authentication
information of some legitimate user, he can masquerade, and
pretend to be someone else. If passwords are used for authentication
purposes, and if these passwords are transmitted within the network,
the intruder can catch them with a passive wiretapping attack.
As a matter of fact, the transmission of passwords is a major
vulnerability of most computer networks that are in use today.
Natural disasters, like lightnings, fires, floods, or earthquakes,
threaten the safety of corporate networks. Because they can be
controlled by architectural and organizational counter-measures
to a certain degree, they are not subject to this paper.

A corporate network is said to be secure, if it is able to prevent
from passive and active attacks. This goal is hard to reach,
not only because of the huge size of a corporate network, but
also because of its heterogenity; there may be various computer
systems from different manufacturers, possibly running different
operating systems, communication and application software, interconnected
to one corporate network. Gateways may exist to public networks
and other corporate networks.

A corporate network provider has to develop different security
concepts for the network. The choice of an appropriate conecpt
is left to the top management; it has to take the responsibility.
A method is needed to develop different security concepts; a
possibility is introduced in the next section.

3. Method

A method to develop different security concepts for a corporate
network can be based on a layered approach.

On the top level, there is a security policy to be defined for
every security concept. Based on this security policy, and knowing
the actual situation, and the possible forms of attack, a set
of security services has to be derived. This step is indicated
with (1) in the figure above. Possible scurity services are
authentication, confidentiality, integrity, non-repudiation,
and access control services. Security mechanisms have to be studied
or developped for every security service that is required for
a policy. This step is indicated with (2) in the figure above.
Security mechanisms need to be simple, cost-efficient, and secure.
As a matter of fact, they have to be exchangeable; whenever
better mechanisms are found or developped, they must be replaced.

Security services and mechanisms are discussed in the following
sections. The terminology of the OSI security architecture (ISO
7498-2) is needed for this discussion. The use of this terminology
doesn't imply that the method can only be applied to corporate
networks that follow OSI standards; other security services and
mechanisms can be used in addition or instead.

4. Security Services

The OSI security architecture enumerates five calsses of security
services:

Authentication services

Data confidentiality services

Data integrity services

Non-repudiation services

Access control services

Authentication services are to verify the identities of entities,
peer-entities, or data origins. Data confidentiality and data
integrity services are to protect the confidentiality and integrity
of data in transmission; they prevent from passive and active
attacks. There are connection and connectionless data confidentiality
and integrity services. Protection can be restricted to some
particular fields within the data units, too. There is a traffic
flow confidentiality service to prevent from traffic analysis
attacks. Connection integrity services can be provided with or
without recovery. In some cases it might be vital for the receiver
(sender) to prove that data were sent (received) by the stated
originator (intended receiver); non-repudiation services can be
used therefore. Finally, there are access control services to
prevent entities from accessing and using OSI resources in an
unauthorized way.

Authentication, data confidentiality, and data integrity services
represent orthogonal security functions, wheras non-repudiation
is a stronger version of authentication. Access control services
are not much related to the other security services. Authentication
services are fundamental. Although confidentiality, integrity,
and non-repudiation services are based on authentication services,
they can be offered independantly from each another, in order
to extend the overall level of security. Access control services
can be left to application processes; they needn't be offered
in corporate networks.

5. Security Mechanisms

Security mechanisms are used to provide security services. There
are eight classes of security mechanisms enumerated within the
OSI security architecture.

Encipherment is a fundamental security mechanism. It is used
to provide most of the security services (alone or together
with other mechanisms). Within a cryptosystem a plaintext message
is transformed to a ciphertext, using a certain key. It has to
be distinguished, whether the sender and the receiver are using
the same key (secret key cryptosystem, SKC), or not (public key
cryptosystem, PKC). Within a PKC each user holds a pair of keys,
consisting of a public key and a private key. The public key can
be given to anyone, whereas the private key must be kept secret.
With regard to OSI, it has to be distinguished, whether encipherment
is being done in layer one or two (link encryption), or in a higher
layer, typically the presentation or application layer (end-to-end
encryption). With link encryption every trunk can use its own
cryptosystem. One drawback of link encryption is based on the
fact that all data units have to be decrypted within the relay
stations: If these stations can't be trusted, the data units
can be compromised here. This is not true for end-to-end encryption.
The problem of end-to-end encryption is based on the fact that
some basic routing information can't be encrypted here, enabling
traffic analysis attacks.

Digital signatures provide an equivalent for hand-written
signatures; only one person is able to sign, but everybody else
can verify the correctness of the signature. A simple digital
signature scheme can be constructed within a PKC: The sender
encrypts the message using his private key. Everybody knows
the corresponding public key and can decrypt the message, authenticating
automatically the sender. For long messages it is common to
hash the message first, sign the result digitally, and send the
message together with the digitally signed hash function result
to the receiver. The National Institute of Standards and Technology
(NIST) has published a Digital Signature Standard (DSS) back in
1991. The discussion about this standard is not yet closed.

If the confidentiality of a message is protected through
encipherment, its integrity is protected, too. But there are situations
that require the unique protection of integrity. In these situations
the use of encipherment is too expensive, and data integrity mechanisms
are sufficient enough. In data transmission the integrity ofdata
units is protected through checksums. To prevent active attacks,
these checksums must be protected, too. Cryptologically protected
checksums are further referred to as message authentication
codes (MACs). MACs protect the integrity of data units, they don't
protect the integrity of data streams. Sequence numbers, and cryptological
chaining can be used here.

Authentication exchange mechanisms are to provide entity authentication
services. There are simple and strong authentication exchange
mechanisms to be distinguished: Simple mechanisms depend on the
transmission of some authentication information of a particular
users, wheras strong mechanisms are using cryptological protocols
to hide this information. The transmission of a password is a
typical, and commonly used simple authentication exchange mechanism,
whereas challenge-response systems and zero-knowledge interactive
proof systems are used for strong authentication.

In establishing a constant data flow between communicating
entities, traffic padding mechanisms are to prevent from traffic
analysis attacks. The aim is to make it impossible for an intruder
to distinguish data that carry information from data that don't
carry information.

Routing control mechanisms are to avoid vulnerable links from
being used for data transmission. A network with alternative
routes is required here, one of which is comparably safe.

The security of security mechanisms sometimes depend on the
public availability of certain parameters, like public keys in
a PKC. Notarization implies that these parameters can be certified
and published by a trusted certification authority. ITU-T X.509
describes a hierarchical layering of certification authorities.

Access control mechanisms have to make sure that users can
only access resources in a correct and predefined way. Discretionary
and mandatory access controls are used in closed systems. They
are not suitable in open systems; discretionary access controls
because of a missing limitation of subject and object sets, and
mandatory access controls because of possible incompatibilities
among the security labels.

The OSI security architecture has been extended by a multi-part
standard, known as open system security frameworks. Each security
framework addresses, at a general level, one specific topic. A
working group of JTC1 is dealing with management aspects of
OSI security, too.

6. Conclusions

A method to develop security concepts for corporate networks is
outlined in this paper. The method follows a layered approach:
On the top level there has a policy to be defined for every security
concept. Based on this policy, different security services and
corresponding mechanisms can be evaluated.

Authentication services are fundamental for any network; if authentication
is not given, the discussion of further security services is
useless. A lot of research is actually being done in developping
authentication and key distribution systems. Examples are Kerberos
from MIT, NetSP (former KryptoKnight) from IBM, SPX from DEC,
and TESS from the European Institute for System Security (E.I.S.S.).
A Kerberos-like authentication system has been chosen by the Open
Software Foundation (OSF) for its Distributed Computing Environment
(DCE). Based on the key distribution functionality of an authentication
system, data confidentiality, integrity, and non-repuiation services
can be added straightforward.

With regard to a corporate network that is actually being built
for the Swiss federal administration authorities, the authentication
and key distribution systems that are available today are being
considered and evaluated by the Institute for Computer Science
and Applied Mathematics (IAM) of the University of Berne, and
the information security section of the Swiss Federal Office of
Information Technology and Systems (BFI).

Acknowledgement

The authors would like to express their thanks to Mr. P. Trachsel
and Mr. M. Frauenknecht from the Swiss Federal Office of Information
Technology and Systems (BFI) for their support and encouragement.